RSA: Back from the breach?
Reporting from RSA 2012, Tom Brewster looks at how well EMC's security division has come back from the infamous 2011 attack.


"One big area for us was looking at everything that is external facing and what types of examination should that have in terms of our attack surface. Another area we looked at is how we're doing authentication, have we implemented risk-based authentication across the board and where can we infuse that further into the process?"
He also sought to aggressively enforce segmentation, deciding which data could be lumped together and which should be kept separate. "This has been a great thing for us in terms of looking at how to quickly implement areas of control," Schwartz added.
Training has been key. The 2011 breach started when an employee opened an Excel document in an email, not realising it would open up their machine to infection. Worker training has now gone much deeper, according to the CSO, with more innovative methods tested out.
"There are techniques that are more invasive, more aggressive, where if you do well I'll reward you, but if you don't I'll make a public spectacle of you in some way," Schwartz said. "The point is, is that there are innovative ways to do that."
RSA will want to keep a close eye on its supply chain too. The hackers behind the 2011 hit did not want saleable data from the security firm, but were after the keys to others' infrastructure, most notably that of US government contractor Lockheed Martin. RSA won't want to fall thanks to partner insecurities and Schwartz said the company was reviewing what best practices should be in relation to supply chain.
"We're talking to others that are doing it as well and asking what else can we do to get even deeper visibility in the process," he said. "When you're a global entity like EMC, there are certain places where you do things where it is very easy to gain visibility, but there are other parts of the world where it becomes tougher to get that level of assurance.
"We're looking at where the risk is, where we have a lot of assurance and visibility and where maybe we need to deal with things either at the contractual level, the surveillance level or testing level."
Here's hoping Schwartz can help RSA avoid any further embarrassment. Another successful attack would be nothing short of catastrophic.
There may be trouble ahead
Despite its successful damage limitation exercise, it would be naive to agree the breach is fully behind RSA. There remain unanswered questions. Questions that the company is refusing to answer.
It is still unclear who was behind the attacks, even though RSA claimed last year a nation state was to blame, or whether law enforcement is hoping to apprehend the perpetrators. "We're not providing any attribution on it," Heiser said, adding that RSA was not investing in capturing the crooks and did not know whether the FBI or others were investigating.
RSA may benefit from a lack of police activity. If arrests are made, it will only refresh customers' and potential clients' memories. RSA does not want people to continually associate it with the events of last year.
Instead, the company would benefit from the 'power of forgetting' - to borrow a term from security guru Bruce Schneier. RSA knows it will continue to face questions over the compromise, but by placating people with a positive, ostensibly open strategy and having data to support that, the company will continue to do a good job at curbing negative opinion. In terms of acquiring new customers, rather than just appeasing current ones, that will be vital.
The company will have its fingers crossed nothing dirty emerges from the thin cracks that remain open. If nothing does seep out, and that currently looks likely, the hack, not RSA, will have successfully been buried six feet under.